
security - How to find exploited wordpress plugin

Closed. This question is off-topic. It is not currently accepting answers.

Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question?

Closed 5 years ago.


Some information: Yesterday I found out that my wordpress page has been 'hacked' (for the lack of a better word). Everyone going to my page was redirected to a http://mywordpresspage/NetflixXXX page where the last 3 X are just a number between 101 and 999 I believe.

Logging in to my FTP I discovered all these Netflix folders in my website root folder, plus a folder called BOTS, a robots.txt and some other stuff.

I didn't have a running backup yet (amended this the second I realized that I got hacked) so I had to try to revert to a functioning state. Thankfully none of the original files seem to have been touched (apart from index.php - I still have to verify everything to be sure).

I don't believe that they got access via FTP or the damage would have been much bigger so my guess is that they exploited wordpress in some way to inject all these folders and files. Question is: How do you prevent this apart from constantly updating plugins and just keep a backup just in case? Passwords I use are unique and not being used anywhere else.


asked Mar 8, 2020 at 11:00 by Philipp

2 Answers

As mentioned, updates are vitally important, as are good password practices. I manage many WP sites, and I check (and install) updates every day.

I also have some security things that I do by default to reduce the 'footprint'. Among them are to not have a user called 'admin', disable xmlrpc, strong passwords everywhere (host, database, FTP users, WP admin-level users), and some htaccess tricks. It got a bit unwieldy to remember to do all of those things manually whenever I set up a new site, so I created my own plugin to make it easier to make the security settings I prefer. (It's called "CellarWeb Privacy and Security Options" in the WP plugin repository.)

As for cleaning up a site: I've had to do those for clients. So I created my own checklist of cleanup procedures here: https://www.securitydawg/recovering-from-a-hacked-wordpress-site/ . There are many other places to get similar info; I just put them in my site for my reference the next time I needed to clean up a site.

For some sites, I have a custom program that hashes all files and stores those values in a database. I run it once to get a baseline, then run again in the future to see files that have changed. It helps alert me to possible unauthorized changes.

Monitoring your site for changes; keeping everything current; only using plugins/themes from the WP repository; good password practices, and others are helpful to keep the sites I manage clean.
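The baseline-and-compare check the answer above describes, as an added example that is not the answerer's program: it hashes every file under a site root with SHA-256, keeps the result as a dict (store it as JSON or in a database table), and later reports files that were added, removed or modified. The demo builds a constructed toy site in a temp directory and simulates the tampering from the question (altered index.php, new Netflix and BOTS directories); all file names and contents are assumptions.

```python
import hashlib
import os
import tempfile

def hash_file(path, chunk_size=65536):
    """SHA-256 of one file, read in chunks so big uploads are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def build_baseline(root):
    """Map every file below root (path relative to root, '/'-separated) to its digest.
    Persist the returned dict (JSON file or database table) and rebuild it later."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic walk order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline

def compare(baseline, current):
    """Files that appeared, vanished or changed since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
    }

def demo():
    """Constructed toy site: take a baseline, then simulate the tampering from the question."""
    root = tempfile.mkdtemp()
    def write(rel, text):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(text)
    write("index.php", "<?php require __DIR__ . '/wp-blog-header.php';\n")
    write("wp-config.php", "<?php define('DB_NAME', 'wp');\n")
    baseline = build_baseline(root)
    # Simulated compromise (constructed): index.php altered, spam directories dropped in.
    write("index.php", "<?php header('Location: /Netflix123/'); exit;\n")
    write("Netflix123/index.html", "<html>constructed spam page</html>\n")
    write("BOTS/ua.txt", "constructed bot list\n")
    return compare(baseline, build_baseline(root))
```

Run `build_baseline` once against the real document root, store the dict, and schedule the comparison; anything in "added" or "modified" that you did not deploy yourself deserves a look.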

First, check if your plugins are on this (or similar) list. This one is pretty frequently updated and shows discovered vulnerabilities. https://wpvulndb/plugins

Sadly, it is nearly impossible to secure WordPress (the same goes for any other website on the Internet) to be impossible to 'hack'.

Second, here's a checklist of my precautions. Besides the obvious ones like strong passwords, SSL, using PHP 7+, updating server-side software and so on.

  • Change admin id from #1 to a different one
  • Use as few user accounts as possible. Logins should be strings of letters that make no sense
  • Use as few plugins as possible, delete all unnecessary themes
  • Tidy up all robots.txt, .htaccess and other critical files and keep an eye on their content. If something is about to happen, it is most likely that these files would get harmed
  • Use a server-side backup system and keep backups in a different location
  • Security, backup and firewall WP plugins require high level access to your installation. If possible, avoid them.
  • Use captcha on all forms

A paranoid one would like to change 'salts' in the wp-config file from time to time and write down dates and times of each plugin/theme update :)

Avoid renaming wp-config and login files. It doesn't help and can mess the site up. Web crawlers will find the right login address eventually.
